Ngaf Feautures for SSH AND RDP

Marvin Comamao Lv1Posted 25 Mar 2024 10:32

Hi All,

Good Day!


Feautures want to protect internal host from SSH and RDP Brute force attack which function of ngaf can meet his requirements?

1.APT Detection
2.RT Vulnerability Scanner
3.Web App Protection
4.IPS

mdamores has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Hello,

Among all the options you mentioned, the best function of NGAF to protect internal hosts from SSH and RDP  brute force attack is IPS or Intrusion Prevention System. See explanation below:

- IPS monitors network traffic for malicious activities including brute force login attempts and can identify patterns of repeated failed login attempts on SSH and RDP ports.
- IPS functions beyond just identifying vulnerabilities unlike vulnerability scanners. it also actively block suspicious traffic which prevents hackers from gaining access to the internal hosts thru SSH or RDP brute force attempts
Is this answer helpful?
Farina Ahmed Lv5Posted 28 Mar 2024 13:40
  
To protect internal hosts from SSH and RDP brute force attacks, the feature of Intrusion Prevention System (IPS) in (NGAF) would be the most suitable. IPS monitors network traffic for malicious activity and can detect and block brute force attacks targeting SSH and RDP protocols by analyzing patterns and behaviors associated with such attacks in real-time. This proactive approach helps prevent unauthorized access attempts and strengthens the security posture of internal hosts against brute force attacks...
jerome_itable Lv3Posted 27 Mar 2024 08:18
  
The most effective Sangfor NGAF function to protect internal hosts from SSH and RDP brute-force attacks is:

4. IPS (Intrusion Prevention System)

Here's why IPS is the best choice for this scenario:

    Brute-force attack detection: IPS is designed to monitor network traffic for malicious activity, including brute-force login attempts. It can identify patterns of repeated failed login attempts from a single source, which is a hallmark of brute-force attacks.

    Blocking malicious traffic: Once IPS detects a brute-force attack, it can take action to block the attacker's IP address or throttle login attempts after a certain number of failures. This significantly reduces the risk of successful unauthorized access.

    Real-time protection: IPS operates in real-time, constantly analyzing network traffic for threats. This ensures immediate response to ongoing brute-force attacks.

While the other options you mentioned offer valuable security features, they are not directly suited for this specific task:

    APT Detection: APT (Advanced Persistent Threat) detection focuses on identifying sophisticated, targeted attacks, which may not involve brute-force methods.

    RT Vulnerability Scanner: This function identifies vulnerabilities in systems and applications, but it doesn't actively block attacks that exploit those vulnerabilities.

    Web App Protection: This feature is designed to secure web applications from attacks, not SSH or RDP services typically used for remote server access.

By implementing Sangfor NGAF's IPS and configuring it with appropriate rules for SSH and RDP traffic, you can significantly strengthen your defenses against brute-force attacks and protect your internal hosts.
Medic Lv1Posted 27 Mar 2024 00:05
  
My suggestion is that you can run the Intrusion Prevention System (IPS) feature in NGAF. This will protect your server from attackers.
pmateus Lv2Posted 26 Mar 2024 20:13
  
I sugest you to use IPS -  Intrusion Prevention System on NGAF, but i sugest that your servers or devices that have SSH and RDP port open to have some policies to prevent Brute force attack in case...
Zonger Lv5Posted 26 Mar 2024 19:19
  
It is suggested to implement an Intrusion Prevention System (IPS) in your NGAF solution. Please consider configuring your firewall to restrict access to these ports only for authorized sources and implementing strong password policies to further enhance security.
Newbie290036 Posted 26 Mar 2024 19:12
  
The most relevant function in a Next-Generation Firewall (NGAF) would be the Intrusion Prevention System (IPS).

IPS is designed to monitor network traffic and identify potential threats, including brute-force attacks targeting SSH and RDP ports. It can analyze traffic patterns and block malicious activities based on predefined rules or signatures. By implementing an IPS, you can effectively shield your internal hosts from brute-force attacks.
Enrico Vanzetto Lv4Posted 26 Mar 2024 15:49
  
Hi, i suggest you to safeguard your internal systems from brute force attacks targeting SSH and RDP, with the Intrusion Prevention System (IPS) feature in NGAF is essential. It identifies these attacks within your network traffic and halts them. Although other features such as APT detection and web application protection are also crucial, the IPS is specifically designed to thwart these types of attacks.
CLELUQMAN Lv4Posted 26 Mar 2024 15:28
  
Intrusion Prevention System (IPS)
Tayyab0101 Lv2Posted 26 Mar 2024 14:07
  
apply firewall and IPS system.
NCML985261 Lv2Posted 26 Mar 2024 13:50
  
To protect your internal systems from brute force attacks on SSH and RDP, you need the Intrusion Prevention System (IPS) feature in NGAF. It spots these attacks in your network traffic and stops them. While other features like APT detection and web app protection are vital too, IPS focuses directly on stopping these kinds of attacks.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders